Snort mailing list archives
Blocking based on snort alerts.
From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Thu, 5 Jan 2017 08:19:55 -0500
Hi,

Just wanted to ask if anyone is blocking IPs that are triggering specific Snort alerts. We are blocking IPs based on the triggering of some Snort alerts that we think are legit and do not trigger on false positives.

The reason I ask is that in the past we had a good number of Snort alerts that were set to block the IPs that were triggering those alerts, but it turned out that we were blocking some legit IPs from accessing the network because of false positives that were triggering those Snort alerts.

Hence I am asking if anyone would like to share the SIDs they are using to take direct actions, like blocking at the border, when those SIDs get triggered.

Appreciate any comments/suggestions.

Thanks,
Fatema.